From acb388bc0546b48fca11dce8aa7a595af2cda5e2 Mon Sep 17 00:00:00 2001
From: Douglas Wade <douglas.b.wade@gmail.com>
Date: Tue, 11 Dec 2018 20:24:18 -0800
Subject: [PATCH] docs: Add security vulnerability disclosure instructions to
 the Readme (#1283)

---
 Readme.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/Readme.md b/Readme.md
index 7068851e7..fa8a958f9 100644
--- a/Readme.md
+++ b/Readme.md
@@ -204,6 +204,12 @@ the general Koa guide.
 $ npm test
 ```
 
+## Reporting vulnerabilities
+
+To report a security vulnerability, please do not open an issue, as this notifies attackers
+of the vulnerability. Instead, please email [dead_horse](mailto:heyiyu.deadhorse@gmail.com) and [jonathanong](mailto:me@jongleberry.com) to
+disclose.
+
 ## Authors
 
 See [AUTHORS](AUTHORS).